We use cookies to give you the best possible online experience. If you continue, we’ll assume you are happy for your web browser to receive all cookies from our website. See our cookie policy for more information on cookies and how to manage them.

Shadow IT is garnering the attention of information security directors. But is it deserving of its newfound mindshare?

The security concerns around unsanctioned systems are understandable, though may be a bit misdirected. The true intersection between Shadow IT and security is found within unsanctioned SaaS applications that directly connect to sanctioned cloud platforms within the corporate environment. To date, CloudLock has discovered over 9,000 3rd party apps connected to corporate environments. A number of high profile security breaches – think Snapchat – have been traced back to 3rd party apps.

However, many of these applications offer compelling cases as user-selectable, productivity-enhancing business tools. To take advantage of the powerful suite of technology available today without introducing yet another risk vector, organizations must better understand the risk as well as the insight and controls necessary to remain secure.

The Risk of 3rd Party Apps

To determine the security risk, consider taking a look at the applications access scope – that is, the capabilities users grant the 3rd party app when they enable it within the domain. Often times, these functionalities include the capability to create, manage, delete, and modify files within the environment.

In and of itself, such functionality is innocuous and enables users to derive considerable benefit, often directly related to business operations, from the app. However, if the app is malicious by design or were to be compromised – something outside the control of your organization – the consequences could be considerable. The malicious actor could leverage the permissions granted to the application to externalize sensitive data or modify the domain.

Securing 3rd Party Apps

To secure these applications, organizations need visibility into the number of apps enabled within the environment, which cloud platform they are enabled within, what the access scopes are, and which users have enabled them, as well as their privilege level.

After surfacing this critical information, the ability to take action (whitelist or blacklist) based on risk profile and access scope becomes essential. Employee awareness becomes essential – use email alerts to notify them of risky apps, and, when necessary, revoke apps.

Data Protection in the Cloud

Striking the right balance between security and user enablement in cloud platforms can be a challenge. Armed with the right information and capabilities, an increasing number of organizations are taking advantage of all the cloud has to offer, while maintaining organizational security.

Follow us

Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser